OpenBSD: Users' View

Many users have commented on their use of OpenBSD.
The following are unsolicited comments from our public mailing lists or,
occasionally, other mailing lists (these have links to the original articles).
Postings have been shortened, and edited slightly for spelling and grammar,
but are otherwise unchanged.

My name is Jules and I live in Kent. I've been using OpenBSD since 2.9.
I have OpenBSD running on 6 x Nexcom NSA1086's to provide core routing
between our Data Centres. All the routes are running from read-only
Compact Flash. Largely runs untroubled, pushing ~ 400Mb/s.
Main motivation was the cost savings compared to equivalent
Junpier/Cisco kit.
I hope to be testing the new MPLS code soon.

As a Security/Network Administrator for over ten years, I have to say
OpenBSD is hands down the best out-of-the-box OS I have seen yet. I
have worked with MS NT/2000, Linux (from its humble beginnings),
Solaris, etc. OpenBSD is simple, clean, secure and reliable. Many
thanks to the developers for an outstanding job.

I've been securing networks for quite some time now, and until recently
when I installed Open BSD 3.0 I never realized how easy my life could have
been had I tried it earlier.
After experiencing all the "other" operating systems available, 3.0 has to
be the most secure, easily managed and well organized package I have ever seen.
Not only is it completely cutting edge, it focuses on the smaller points of
security which I'm tired of having to manually tweak every time you setup a box.

I am securing networks all over Alberta using your fantastic
setup. Thank you so much! Keep up the incredible work.

Matthew Haas says this:

I've been very impressed with OpenBSD since my decision to install it.
Definitely a great system, reminds me of my Slackware days, but better.

By way of success stories, since a few of us at 2600 Australia started
using OpenBSD about 12 months ago now in some form or another, we've seen...
friends load it onto their machines and been simply amazed
at the quality of it, in particular the forethought that goes into
securing things out of the box.

We've also had one of our guys working at an ISP go head-to-head with an
in-house SuSE zealot of sorts on a compatibility, stability and security
test in advance of them selecting an operating system for their servers
(which, while using RedHat, had been rooted at least once). OpenBSD passed
with flying colors and as of today, they're beginning a roll-out of 2.6
onto their servers, mostly using stock components and software from the
ports tree (qmail, cucipop etc).

System and Network Administrator Jeff Schneiter offers this:

With a frozen budget it sure makes one squeeze every last
bit of power out of whatever hardware one can lay his hands
on... and thanks to OpenBSD, I have been doing just that.

I tried OpenBSD because of the IPsec support.
The reason I stick with it is because it really is nice to use
and it gives a feeling of quality which no other OS can match.

I did some programming on an OpenBSD machine, after this I really
appreciated the man pages. Other Unices I used had man pages that
simply weren't any good.

Keep up the good work guys.

Security Engineer Tyler Allison writes:

I have installed, secured, and maintained Linux, Windows NT and OpenBSD in
highly secure environments. (yes you can secure Linux and Windows NT in
this environment :) ). Having said that I have to point out that if you
want a minimum administration to keep up with security issues option you
need to pick OpenBSD by far. It is not uncommon for people to go years without
updating their production OpenBSD machines because they are just rock solid
and there are no known "remote" vulnerabilities. Thus no good reason to
upgrade...

I would feel perfectly happy to have one of my [novice] interns do a basic
OpenBSD install on a PC (no extra security work after the install) and then put
the companies crown jewels on that machine and then walk away for a year.
Knowing full well that machine hasn't crashed, been broken into or in need
of an OS upgrade. You can't say that about NT or Linux.
Or if you do you obviously haven't ever used the product that way :)

Another thing that I hear people point out is go check your local exploit
site or vulnerability alert mailing list and see if you can find a "remote"
root level exploit that works on OpenBSD. I dare say you won't find any that
are less than 12 months old.

Jan Johansson gave this reply to a "how do I build a cheap web server?" query:

I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.

After reading Bugtraq for some weeks I will say that I will never put
any (important) machine on the Internet if there is not a firewall in
front and for packet filtering I go for OpenBSD...

For a cheap web server I say hardware from a known vendor, an ordered
OpenBSD CD-ROM and Apache...

As well, OpenBSD runs on my laptop.
A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.

And it never crashes :)

One other incident that made me a believer... we were pingbombed
[perhaps a predecessor to the early2000 DDOS attacks?]. I mean,
900 different hosts on different networks floodpinging an OpenBSD 2.3 box
simultaneously, while it was processing email and web pages for 3500 users.

It was a P133 with 64MB ram. And it didn't go down. It got a bit slower,
but never crashed :-)

John J. Adelsberger III said this about us in Bruce Schneier's
Crypto-Gram:

(the comments he is responding to are Schneier's)

> Real systems show no signs of becoming less
> complex. In fact, they are becoming more complex,
> faster and faster. Microsoft Windows is a poster
> child for this trend to complexity.
...
> The other choice is to slow down, to simplify,
> and to try to add security.

OpenBSD does this. I am unaware of any other group whose workings
are publicly viewable that does so [emphasis added], which is regrettable, because
I would prefer not to have this appear as an OpenBSD plug; rather,
my purpose is to point out that not only is this approach feasible,
but it is being done.

Andrew Hermetz commented as follows:

Hey all,

Just wanted to drop a line and thank all who have worked to make OpenBSD
such a clean, cool, & efficient project.

Major kudos to Theo for being a man ahead of his time! ;-)

As I have to frequently explain to people *why* security is important at
all ("if you have nothing to hide...", "nothing you do is important enough to
warrant encryption...", "only criminals and terrorists need to sneak around
anonymously...", etc. ad nauseam), let alone *why* it's important in this day
and age of personal networks behind a DSL or even a full T1, I love being able
to point them to a page which sets out a well-reasoned explanation for taking
computer security seriously.

[... OpenBSD installed]
effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name
brand LAN card came right up and did a kickass install over a friend's office
T1. When I sing its praises, the thing that seems to get most people is its
spartan look & feel, but I like knowing where everything is and not having a
distro that shoves [stuff] into dark corners I'll never find...

OpenBSD is the most secure operating system
wbp systems has ever used.
With all of our products, OpenBSD has allowed us to focus on our customers
instead of tweaking the OS to make it secure.
Internally we use OpenBSD for everything imaginable.
With its rock solid performance, we never have to worry about a file
server, proxy server or application server crashing.